Windows PowerShell Cmdlets for Group Policy
Applies To: Windows 7, Windows Server 2008 R2
What do the Windows PowerShell Group Policy cmdlets do?
Windows PowerShell is a Windows command-line shell and scripting language that you can use to automate many of the same tasks that you perform in the user interface by using the Group Policy Management Console (GPMC). To help you perform these tasks, Group Policy in Windows Server 2008 R2 provides more than 25 cmdlets. Each cmdlet is a simple, single-function command-line tool.
You can use the Group Policy cmdlets to perform the following tasks for domain-based Group Policy Objects (GPOs):
Maintaining GPOs: GPO creation, removal, backup, and import.
Associating GPOs with Active Directory® containers: Group Policy link creation, update, and removal.
Setting inheritance flags and permissions on Active Directory organizational units (OUs) and domains.
Configuring registry-based policy settings and Group Policy Preferences Registry settings: Update, retrieval, and removal.
Creating and editing Starter GPOs.
Are there any special considerations?
To use the Windows PowerShell Group Policy cmdlets, you must be running either Windows Server 2008 R2 on a domain controller or on a member server that has the GPMC installed, or Windows 7 with Remote Server Administration Tools (RSAT) installed. RSAT includes the GPMC and its cmdlets.
You must also use the Import-Module grouppolicy command to import the Group Policy module before you use the cmdlets at the beginning of every script that uses them and at the beginning of every Windows PowerShell session.
You can use the GPRegistryValue cmdlets to change registry-based policy settings and the GPPrefRegistryValue cmdlets to change Registry preference items. For information about the registry keys that are associated with registry-based policy settings, see the Group Policy Settings Reference. This reference is a downloadable spreadsheet.
Note
For more information about the Group Policy cmdlets, you can use the Get-Help<cmdlet-name> and Get-Help<cmdlet_name>-detailed cmdlets to display basic and detailed Help.
What policy settings have been added or changed?
New policy settings now enable you to specify whether Windows PowerShell scripts run before non-Windows PowerShell scripts during user computer startup and shutdown, and user logon and logoff. By default, Windows PowerShell scripts run after non-Windows PowerShell scripts.
Group Policy settings
Setting name | Location | Default value | Possible values | ||
---|---|---|---|---|---|
Run Windows PowerShell scripts first at computer startup, shutdown |
Computer Configuration\Policies\Administrative Templates\System\Scripts\ |
Not Configured (Windows PowerShell scripts run after non-Windows PowerShell scripts) |
Not Configured, Enabled, Disabled
|
||
Run Windows PowerShell scripts first at user logon, logoff |
Computer Configuration\Policies\Administrative Templates\System\Scripts\ |
Not Configured (Windows PowerShell scripts run after non-Windows PowerShell scripts) |
Not Configured, Enabled, Disabled Note This policy setting determines the order in which user logon and logoff scripts are run within all applicable GPOs. You can override this policy setting for specific script types in a specific GPO by configuring the following policy settings for the GPO: User Configuration\Policies\Windows Settings\Scripts (Logon/Logoff)\Logon and User Configuration\Policies\Windows Settings\Scripts (Logon/Logoff)\Logoff.
|
||
Run Windows PowerShell scripts first at user logon, logoff |
User Configuration\Policies\Administrative Templates\System\Scripts\ |
Not Configured (Windows PowerShell scripts run after non-Windows PowerShell scripts) |
Not Configured, Enabled, Disabled Note This policy setting determines the order in which user logon and logoff scripts are run within all applicable GPOs. You can override this policy setting for specific script types in a specific GPO by configuring the following policy settings for the GPO: User Configuration\Policies\Windows Settings\Scripts (Logon/Logoff)\Logon and User Configuration\Policies\Windows Settings\Scripts (Logon/Logoff)\Logoff.
|
||
Startup (PowerShell Scripts tab) |
Computer Configuration\Policies\Windows Settings\Scripts (Startup/Shutdown)\ |
Not Configured |
Not Configured, Run Windows PowerShell scripts first, Run Windows PowerShell scripts last |
||
Shutdown (PowerShell Scripts tab) |
Computer Configuration\Policies\Windows Settings\Scripts (Startup/Shutdown)\ |
Not Configured |
Not Configured, Run Windows PowerShell scripts first, Run Windows PowerShell scripts last |
||
Logon (PowerShell Scripts tab) |
User Configuration\Policies\Windows Settings\Scripts (Logon/Logoff)\ |
Not Configured |
Not Configured, Run Windows PowerShell scripts first, Run Windows PowerShell scripts last |
||
Logoff (PowerShell Scripts tab) |
User Configuration\Policies\Windows Settings\Scripts (Logon/Logoff)\ |
Not Configured |
Not Configured, Run Windows PowerShell scripts first, Run Windows PowerShell scripts last |
Additional references
Windows PowerShell Technology Center: This Web site is an entry point for Windows PowerShell documentation, such as information about deployment, operations, training, support, and communities.
Windows PowerShell blog: This Web site is an entry point for Windows PowerShell blogs that includes information about current Windows PowerShell developments, best practices, training, and other resources.
Group Policy Technology Center: This Web site is an entry point for Group Policy documentation, such as information about deployment, operations, training, support, and communities.
Group Policy Settings Reference: This document lists Group Policy settings described in administrative template (ADMX) files and security settings. This spreadsheet includes all administrative template policy settings for Windows Server 2008 R2 and Windows Vista.